Last Updated: Feb 17, 2023
These Terms (as defined below) apply between you as a natural person or a representative of a legal person and ASEC (“Aleks Security Cyber Intelligence Inc.”), a Canadian corporation, as set forth in Your subscription or separation Order Form. These Terms apply to Your access and use of the Services (as defined below) made available by ASEC at its websites and/or by other means. If you are accepting these Terms on behalf of another person, a company or other legal entity, you represent and warrant that you have full authority to bind that person, company or legal entity to these Terms. “Customer” and “You” refer to you as a natural person or the legal person that you represent.
“Acceptable Use Policy”
meaning the Acceptable Use Policy referenced to in these Terms.
means these Terms and your subscription or any application Order Forms executed hereunder, and any schedules or additional terms referenced to in these Terms.
means an information technology system of a Customer, such as websites, applications, software, devices and information technology environments.
means the external or internal automated service made available by ASEC through its ASEC Platform. Asset Discovery allows you to continuously detect, identify and monitor assets.
means the external or internal automated service made available by ASEC through its ASEC Platform. Asset Testing allows you to continuously scan your assets, including devices, websites and custom-built applications for vulnerabilities.
means the availability of the Service as defined in the Service Level Agreement, if applicable.
means top-level domains and their subdomains, including other domains and IP-addresses such domains point to, and all associated information, such as but not limited to DNS records, open ports and applications and services running on them. For the avoidance of doubt, other domains that your domain(s) point to may be owned by a third party and will be included in the attack surface monitored and scanned under Asset Discovery and Asset Testing, respectively.
means all business or technical information whether it is received, accessed or viewed in writing, visually, electronically or orally, including without limitation the Results and Customer Data, technical information, including without limitation details of ASEC’s services, marketing and business plans, databases, specifications, formulations, tooling, prototypes, sketches, models, drawings, engineering information, samples, computer software (source and object codes), including without limitation ASEC’s software, forecasts, identity of or details about actual or potential data (within the meaning of applicable data protection laws) and trade secrets, provided that such information is identified as confidential or a reasonable person would know it is confidential from the circumstances of disclosure.
Confidential Information does not include information that: (a) was known to the Receiving Party prior to the time of disclosure by the Disclosing Party; (b) was in the public domain prior to the time of execution of this Agreement through no fault or breach of the Agreement of the Receiving Party; (c) has been independently developed by the Receiving Party without reference to or use of the Confidential Information; or (d) the Receiving Party is obliged to disclose by law, or by a governmental or administrative agency or body or decision by a court or law, but only then after the Receiving Party has been notified the Disclosing Party of the required disclosure, if not such notification is prohibited by applicable law, court or government order. The Receiving Party will limit the disclosure of Confidential Information to the greatest extent possible under the circumstances.
means data uploaded by You or by a third-party on Your behalf to the Service platform, including Results.
means as defined in Section 13.1
means the effective date of the Agreement, which is the start date of Your subscription to the Service as indicated in Your subscription account. However, if the Service is provided to You subject to an Order Form, the Effective Date is stated therein.
means the software as a service (SaaS) platform including Asset Discovery and Asset Testing services made available by ASEC.
“Intellectual Property Rights“
means all copyrights and related rights, design rights, registered designs, patents, trademarks and service marks (registered and unregistered), trade secrets, database rights, know-how, rights in confidential information and all other intellectual property rights throughout the world for the full term of the rights concerned, including any derivative works incorporating any of the foregoing that may be created or developed in connection with this Agreement.
means as defined in the Service Level Agreement
means a binding call-off for Services executed under these Terms, specifying the scope, price and terms for provision of an individual Service, including, if applicable, any professional services.
“Party“ or “Parties”
means either one of the parties to the Agreement, You or ASEC, either individually or jointly, as the case may be.
means the purpose of the Service as described in Section 1
means as defined in Section 13.1
means in relation to each Party, and any of its Affiliates, i) its officers and employees that need to know the Confidential Information, ii) its professional advisers or consultants who are engaged to advise that Party and/or any of its Affiliates, iii) its contractors and sub-contractors engaged by that Party, and/or any of its Affiliates and iv) any other person to whom the other Party agrees in writing that Confidential Information may be disclosed, and which is in connection with or necessary for the fulfilment of the Agreement.
means the outcome generated by a completed Test, which are made available to You in the Service platform for a period as set out by You under the “Vulnerability“ view in the user interface. Results include, inter alia, vulnerability findings and reports. The Results can be accessed through a use interface, API’s or directly through an integrated third-party tool.
means the software as a service (SaaS) based external and internal Asset Discovery and Asset Testing or any related professional services made available by ASEC through its ASEC Platform.
“Service Level Agreement”
means the Service Level Agreement applicable to customers if stated in the applicable Order Form.
means the duration of Your subscription of the Service as defined in your account or as stated in the applicable Order Form.
means the security and vulnerability scans or such continuous monitoring of a given Customer Asset included in the Service. A Test may, depending on the type of service You are using, include, among other things, information gathering, crawling, fingerprinting, fuzz testing, deploying of test scripts and introducing other non-intrusive penetration tests.
means a free of cost trial subscription period or proof of concept of the Service granted to You by ASEC.
means an individual user, who has been granted access to the Service by the Customer or its Affiliates in accordance with this Agreement.
1. Purpose of Services
You acknowledge that the purpose of the Service is to, as applicable, monitor and strengthen the security of Your Assets and/or strengthen the security of Your Attack Surface, and that in furtherance of the purpose, ASEC may, when performing a Test, among other things, perform crawling, fuzzing testing, authenticated testing, deploy test scripts, and introduce other non-intrusive penetration tests for the limited purpose of revealing security vulnerabilities in Your Assets (“Purpose”). You agree and acknowledge that the provision of the Service, including performance of the Tests, in accordance with this Agreement, may lead to detrimental impact on Your Assets and is made solely at Your risk, and that You are responsible for the initiation of all Tests and the outcomes of the Tests and for any inconveniences, interruptions or other negative consequences thereof.
2. Your use of the Service
Subject to these Terms and Your subscription or separate Order Form, if applicable, and payment of all applicable fees, ASEC grants You a non-exclusive, non-transferable, non-assignable and limited right to use the respective Service(s) during the subscription term for Your own business purposes only. You are authorized to permit use of the Service to (a) Your own employees, (b) Your Affiliates and their respective employees, and (c) any third-party consultants performing services as independent contractors or subcontractors on Your behalf and/or on behalf of Customer Affiliates, solely for the purpose of providing such services to You and/or Your Affiliates.
Upon completion of a Test, the findings and insights will be generated into so called Results. The Results are Your Customer Data. Results will be retained for a period of time of Your choosing in the Service platform, the default retention time being twelve (12) months, or until You request Your account to be removed. However, ASEC has the right to store and freely use anonymized and aggregated data generated from Your use of the Service even after such a period of time.
4. Acceptable Use of the Service
You shall, and shall procure that Your Affiliates shall, (a) obtain all necessary authorizations, approvals and permissions for use of the Service in relation to the relevant System; (b) use the Service in full compliance with this Agreement; (c) be responsible for any acts or omissions by Users; (d) use the Service in accordance with all applicable laws and government regulations (including any local laws to which You are subject); (e) use the Service in compliance with the Acceptable Use Policy; (f) not make the Service available to any unauthorized third-party, and promptly inform ASEC in the event of any suspected unauthorized access to or use of the Service; (g) not create or attempt to create any substitute service or service similar to the Service, by use or reference to or access to, the Service or any of ASEC’s intellectual Property Rights; (h) not sell, lend out, lease, transfer, assign, sublicense, distribute or permit access or use of the Services, or any part thereof, to any third party without ASEC’s prior written approval; (i) not interfere with, or disrupt the integrity or performance of the Service or any third party data contained therein; (j) not attempt to gain unauthorized access to the Service or its related systems or networks; and (k) not decompile, disassemble, or reverse-engineer the software included in the Service, subject to what follows from applicable law.
5. Suspension of Service
ASEC may suspend Your, Your Affiliates' or an individual Users' access to and use of the Service (in whole or in part) upon prior notice, if, in ASEC’s reasonable opinion, Your, Your Affiliate’s or any User’s use of the Service (a) poses a threat to the security, availability or integrity of the Service or any other customer environment, (b) is in violation of the explicit use rights, included in the Acceptable Use Policy, granted under these Terms or any Order Form or any applicable law governing the use of the Service, or (c) poses a legal or third-party liability risk for ASEC. ASEC shall limit the suspension disabling only such component, use or access to the Service that is unauthorized according to this Section 5. ASEC shall promptly reinstate the Service for the relevant Customer, Customer Affiliate or User, when the underlying cause is remedied.
6.1 ASEC represents and warrants to You that (a) it s the right to grant the licenses and other rights relating to the Service provided under this Agreement; (b) the Services will conform in all material respects to the features, functionality and other specifications or requirements for the Services set forth in the support manual published by ASEC at [email protected], as updated from time to time; and (c) any professional services provided by ASEC will be performed in a diligent, timely, professional and workmanlike manner in accordance with prevailing industry standards and practices.
6.2 SUBJECT TO THE REPRESENTATIONS AND WARRANTIES PROVIDED IN SECTION 6.1, ASEC EXPRESSLY DISCLAIMS ALL OTHER WARRANTIES AND REPRESENTATIONS TO THE FULLEST EXTENT POSSIBLE UNDER APPLICABLE LAWS, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE OR FITNESS FOR A PARTICULAR PURPOSE. ASEC SPECIFICALLY MAKES NO WARRANTY THAT THE SERVICE SHALL BE FREE FROM DEFECTS OR INTERRUPTIONS OF USE OF THAT THE SERVICE WILL BE 100% SUCCESSFUL IN IDENTIFYING ALL POSSIBLE SECURITY VULNERABILITIES. WITHOUT LIMITING THE ABOVE, ASEC DOES NOT WARRANT THAT THE SERVICES WILL MEET YOUR REQUIREMENTS OR THAT THE OPERATION OR RESULT OF THE SERVICES WILL BE FREE FROM INTERRUPTIONS OR ERRORS. YOU ACKNOWLEDGE THAT BY USING THE SERVICE YOU SIMULATE A REAL SYSTEM INTRUSION AND YOU ARE AWARE OR AND TAKE FULL RESPONSIBILITY FOR ANY CONSEQUENCES THEREOF, INCLUDING ANY CONSEQUENCES ATTRIBUTABLE TO THE USE OF THE INFORMATION CONTAINED IN REPORTS GENERATED AS PART OF THE SERVICE.
7. Modifications to the Service
The content, functionality and features of the Service may change over time as ASEC continuously enhances and updates the Service. Subject to Your termination rights as set forth in Section 15.2, ASEC will notify You in writing no later than fourteen (14) days before making any material changes to the Service. Without limiting the generality of the foregoing, ASEC reserves the right to delete or disable content or functionality of the Service in the event of any claims based on alleged infringement of any third-party Intellectual Property Rights.
8.1 ASEC follows industry best practices and the Service is subject to security measures in line with industry best practices. ASEC will take reasonable steps and precautions against security breaches. ASEC will maintain appropriate technical and organizational measures to protect any data and information, including personal data and Confidential Information, that it collects, accesses, processes or receives from You within the scope of the Service against unauthorized or unlawful transfer, processing, alteration or access and against accidental loss, damage, processing, use, transfer or destruction.
8.2 ASEC shall notify You immediately, but no later than 72 hours, or such shorter time period as may be required under applicable law, after becoming aware of any security breach or potential security breach which affects Your Service or Your business or Systems. Each of ASEC and You shall use commercially reasonable efforts to cooperate with one another to address or remediate any such security breach or potential security breach.
9. Personal data processing
10. Service Level Agreement
The Service Level Agreement is applicable to customers if so stated in the separate Order Form applicable between You and ASEC.
11. Prices and Payments terms
11.1 In consideration of the provision of the Service and the licenses granted hereunder, You shall pay the fees for the Service, as specified on ASEC’s website or in a mutually agreed Order Form. The fees for the Service shall, on an annual basis, increase by the greater of (a) 3.5% and (b) any increase in Labour Cost Index (LCI tjm) SNI2007 kod j (IT and telecom sector), but no more than 5% compared to the previous year. For avoidance of doubt, ASEC reserves the right to change its fees at any time in its sole discretion provided that such changes will only take effect once per year.
11.2 Unless otherwise specified by ASEC, all prices and charges are exclusive of tax, levies, or similar governmental charges that may be assessed by any jurisdiction, including without limitation, any export, or local VAT, lease tax, sales, use of goods and services tax and excise duty.
11.3 If you are paying by credit card: Subscription fees are payable and drawn in advance from your account for the Subscription Term, as specified in Your subscription or applicable Order Form. License upscale fees will be drawn for the reminder of the Subscription Term once ordered by You. The third-party payment service provider will store your credit card details to fulfil the payment obligations. When you add your credit card details we will charge your card an amount as a pre-authorization to verify that the details you have entered are valid. The transaction is immediately cancelled when we have verified your details.
11.4 If you are paying by invoice: If You are paying by invoice the payment will be made for the specific Subscription Term in advance as stated in Your subscription or Order Form. All undisputed invoices shall be paid within thirty (30) days of the date of ASEC’s invoice. You shall provide ASEC with your updated billing information prior to the start of your Subscription term.
12. Intellectual Property Rights
12.1 All Intellectual Property Rights subsisting in, and relating to or arising out of the Service, including all software, technology and content, are owned by and vest in ASEC and/or its licensors, including all developments and enhancements made to the Service. You acknowledge and agree that no rights, title, or interest in or to the Service or any related Intellectual Property Rights of ASEC are assigned or transferred to You under this Agreement except for the limited use rights granted in Section 2.
12.2 The Results generated under the Agreement are Your Customer Data and shall be owned by You, however excluding any Intellectual Property Rights of ASEC included therein (including but not limited to software, copyrighted works, know-how and trade secrets, such as attack vectors and payloads). You may only use such Intellectual Property Rights of ASEC for the purpose of handling any identified security gaps in Your Assets.
12.3 You grant to ASEC a non-exclusive, sub-licensable, royalty-free, worldwide, perpetual and irrevocable license to freely use any data generated as a result of Your use of the Service, in anonymized and aggregated form only, for commercial purposes including sharing with any third parties, provided that Your confidentiality is maintained, and such material is disclosed in a form which is not capable of being reverse engineered.
12.4 If You submit feedback about the Service to ASEC, including comments and ideas on how to improve the Service, all such feedback will constitute Confidential Information of ASEC and will be the sole and exclusive property of ASEC. You hereby irrevocably assign and transfer to ASEC all Your rights, title and interest in and to all feedback including all Intellectual Property Rights therein.
13.1 A Party receiving Confidential Information (the “Receiving Party”) from the other Party (the “Disclosing Party”) shall keep Confidential Information strictly confidential and not disclose such Confidential Information to any third-party without the Disclosing Party’s prior written consent. The Receiving Party shall ensure that the Confidential Information is not inadvertently made available to any third party or otherwise disclosed in breach of the Agreement.
13.2 The Receiving Party may only use the Confidential Information for the purpose of complying with the Agreement and undertakes not to use the Confidential Information for any other purpose whatsoever.
13.3 The Receiving Party may disclose the Confidential Information only to its Representatives that have a direct need to know it. The Receiving Party shall procure that such Representatives are bound by no less extensive obligations than hose set out in these Terms. The Receiving Party shall be liable to the Disclosing Party pursuant to the provisions set forth in these Terms for any breach by its Representatives.
13.4 The Receiving Party may not copy, make transcriptions or recordings or in any other way reproduce or duplicate any document or medium containing Confidential Information, without Disclosing Party’s prior written consent.
14.1 The term of the Agreement shall commence upon the date You signed up for the Service online or upon the Effective Date of the Order Form, and unless earlier terminated as provided herein, shall continue for the Subscription Term as set out in Your subscription or applicable Order Form.The Subscription Term will automatically renew for successive terms equal in duration to the initial Subscription Term unless You notify ASEC in writing before the expiration of the then-current Subscription Term that You do not wish to renew the Services for an additional Subscription Term.
14.2 If You are on a Trial plan: The term of your Trial subscription and the Agreement shall commence when You sign up for the Trial or as set out in an Order Form or similar, and apply as set out in Your subscription or as separately agreed to between You and ASEC. A Trial subscription will not renew upon expiration of the Trial period.
15. Termination for cause
15.1 Either Part may terminate the Agreement without further notice if the other Party materially breaches the terms of the Agreement and does not remedy such breach within (30) calendar days on which breaching Party receives written notice of such breach from the other Party. Additionally, either Party may terminate the Agreement without liability to the other Party if the other enters into compulsory or voluntary liquidation, ceases for any reason to carry on business, or takes or suffers any similar action that the other Party reasonably believes will materially impair its performance under the Agreement (including payment of fees).
15.2 You may terminate the Agreement with immediate effect upon written notice to ASEC, if ASEC changes the Service according to Section 7 in a way which constitutes a material adverse change of the Service (in Your reasonable opinion). Your notice of termination shall be given within two (2) weeks of ASEC’s notice of the material adverse change.
15.3 ASEC may terminate the Agreement with immediate effect upon written notice to You, if a suspension event according to Section 5 has lasted for more than 30 days without being remediated by You.
15.4 Where a Party has the right to terminate the Agreement for cause, it may also terminate all outstanding Order Forms on the same termination ground, or alternatively (at its discretion) only terminate the Order Form to which the termination ground relates.
16. Effects of termination
16.1 Where You have terminated the Agreement for material breach by ASEC pursuant to Sections 15.1 or 15.2 (or under the Service Level Agreement, if applicable) You shall receive a pro rata refund of any prepaid and unused fees from ASEC.
16.2 Where ASEC has terminated the Agreement subject to Sections 15.1 or 15.3 above, any sum owned or due to ASEC shall be immediately payable and You shall not be entitled to any remuneration or compensation from ASEC.
16.3 Further, upon the termination of this Agreement for any reason: (a) Your rights hereunder shall terminate; and (b) each Party shall upon request (or at the other Party’s option, destroy) any and all Confidential Information in that Party’s possession or control to the other Party within fourteen (14) days, with the exception of confidential information stored in back-ups or archives and which cannot without significant efforts be retrieved or that Party is required to retain due to a legal or regulatory obligation.
17.1 ASEC shall defend, indemnify and hold harmless You and Your representatives and employees from and against all costs, damages, losses and expenses, including reasonable attorneys' fees and other legal expenses, arising from any third-party claim that use of the Service as expressly permitted herein violates any third-party Intellectual property Rights.
17.2 You shall defend, indemnify and hold harmless ASEC and its representatives and employees from and against all costs, damages, losses and expenses, including resonable attorney’s fees and other legal expenses, arising from any third-party claims that: (a) Your use of the Service, in violation of the terms of this Agreement, infringes any third-party rights, including without limitation, infringement or violation of any third-party rights, including without limitation, infringement or violation of any third-party Intellectual Property Rights or privacy rights; (b) You do not hold all necessary authorizations, approvals and permissions necessary for lawful use of the Service, including conducting Tests; or (c) Your use of the Service is in any other way in breach of the acceptable use of the Service as set out in Section 4.
18.1 In no event shall ASEC be liable to You or Your Affiliates for any direct of indirect damages resulting from Your or Your Affiliates' use of the Service, provided that ASEC has provided the Service in accordance with the Agreement. Furthermore, in no event shall ASEC be liable for the accuracy or availability of any integrated services or products provided by third-parties.
18.2 Nothing in these Terms or the Agreement shall operate to exclude or restrict either Party’s liability for (a) any damage caused by wilful misconduct, gross negligence, or fraud; or (b) the specific indemnity undertakings made by a Party under Section 17 of this Agreement.
18.3 ASEC’s total liability hereunder shall, subject to Section 18.2, for all damages arising under the Agreement, be limited to 100% of the total fees paid or payable by You under the Agreement in the contract year in which the breaches occurred.
Neither Party may assign or otherwise transfer this Agreement without the other Party’s prior written consent, which will not be unreasonably withheld; provided, however, that either Party may transfer this Agreement to an Affiliate or to a third-party in connection with a merger, sale or all (or substaintially all) of its shares or other ownership or a corporate reorganization upon prior written notice.
20. Force majeure
Neither Party shall be liable for failure to fulfil any obligations under the Agreement, when this is due to any event beyond the reasonable control of a Party and which were not foreseen at the time of execution of the Agreement, and which could not have been prevented or its effects avoided by use of reasonable actions, such as, explosion, fire, storm, earthquake, flood, drought, riots, strikes, civil disobedience, sabotage, terrorist acts, civil war or revolutions, war or government action (“Force Majeure”). Each Party will use commercially reasonable efforts to undertake all necessary and reasonable actions within its control in order to limit the extent of the damages and consequences of Force Majeure. The Party affected by such Force Majeure shall immediately inform the other Party in writing, the beginning and the end of such occurrence. If an event of Force Majeure continues for a period of thirty (3) days or more, either Party may, upon written notice to the other Party, terminate this Agreement and/or the relevant Order Form without any further liability on the party of either Party, except to pay for Services already supplied.
21. Modification of the Terms
ASEC may revise these Terms, of which the current version will be available on ASEC’s website. The revised Terms become effective once made available on the website. ASEC will notify its customers of any major changes to the Terms, such as when Your rights and/or obligations will significantly change, in which case You will have the opportunity to object by contacting ASEC directly at [email protected] if you continue to use the Services after a revision of Terms has become effective, you agree to be bound by the revised Terms.
Any notice or other communication under the Agreement shall be in writing and shall be sent by letter or email to the said contact person and shall be deemed to have been effectively given: (a) at the time it is sent, if sent by email (unless the sender receives an automated message that the email has not been delivered); or (b) two (2) business days after the day it is sent, if sent by recommended mail.
Noticed to You shall be sent to the contact person and email address stated in the Order Form, if You have one, or in your subscription account. Noticed to ASEC shall be sent to:
ASEC | Aleks Security Cyber Intelligence Inc,
18 King Street East, Suite 1400
23.1 The Agreement between You and ASEC constitutes the entire agreement between the Parties with respect to its subject matter and supersedes any previous agreement, proposal, correspondence or communication whether written or oral relating to that subject matter.
23.2 If there is a subject matter conflict between the Order Form and these Terms and any of the schedules of additional terms referenced to herein, these Terms will prevail unless the conflicting provision of the Order Form specifically references the provision of these Terms to be superseded.
23.3 Nothing in the Agreement is intended to, or shall be deemed to, establish any employment relationship, partnership or joint venture between the Parties, constitute any right to act as as an agent of the other party, or authorize any party to make or enter into any commitments for or on behalf of any party.
23.4 A waiver of any right or remedy under the Agreement only effective if given in writing and shall be deemed a waiver of any subsequent right or remedy. No failure or delay by a party to exercise any right or remedy provided under the Agreement shall constitute a waiver of that or any other right or remedy, no shall it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.
23.5 All provisions of the Agreement and these Terms that can be reasonably interpreted as surviving upon the full performance, expiry, termination or voidance of the Agreement shall survive said performance, expiry, termination or voidance.
23.6 If any provision of the Agreement is or becomes invalid, illegal or unenforceable in whole or in part it shall not affect the validity and enforceability of the rest of the Agreement.
24. Governing law and dispute resolution
24.1 This Agreement shall be governed by and construed in accordance with the substantive laws of Canada, without regard to its provisions concerning choice of laws.
24.2 Any dispute, controversy or claim arising out of or in connection with the Agreement, or the breach, termination, or invalidity thereof, shall preferably be resolved through negotiations between the Parties.
24.3 Where the Parties have failed to resolve the dispute within thirty (30) days of it having been referred to negotiations, the dispute shall be finally settled by arbitration. The seat of arbitration shall be in Toronto, Canada. The language to be used in the arbitral proceedings shall be the English language, unless the Parties agree otherwise. The Parties hereby explicitly agree that the confidentiality undertaking in Section 13 shall be upheld by both Parties and the arbitrators in relation to any arbitration proceedings and any arbitration award or decision.
24.4 Notwithstanding what is set forth above, ASEC shall be entitled to commence proceedings before a court of general jurisdiction or any enforcement authority to demand payment of non-paid fees which have not been disputed by the Customer within 45 days of the payment due date.